Level 9 would be better.
On 02/24/2017 12:44 PM, Lukas Slebodnik wrote:
Could you provide log files with higher debug level (7 should be enough)?
On (23/02/17 14:23), Max DiOrio wrote:
So I have some RHEL 7.3 virtual machines that were on Redhat IDM/IPA
domain. I cloned them, renamed them, new IP's etc, and uninstalled the IPA
client successfully.
I then joined them to our AD domain using realm join like I have other
machines. I matched settings in sssd.conf and nsswitch.conf and I can
kinit and id users without any issues.
My problem is that nobody can log in using their AD credentials because
access is based on GPO and for some reason this server isn't able to get
the GPO:
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_access_send] (0x0400): service sshd maps to Remote Interactive
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_connect_done] (0x4000): server_hostname from uri:
la-2pdom02.internal.ieeeglobalspec.com
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_connect_done] (0x0400): sam_account_name is LA-1QGLSESGAP01$
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_site_name_retrieval_done] (0x0040): Cannot retrieve master domain
info
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_process_som_done] (0x0040): Unable to get som list: [2](No such
file or directory)
(Thu Feb 23 14:15:23 2017) [sssd[be[internal.ieeeglobalspec.com ]]]
[ad_gpo_access_done] (0x0040): GPO-based access control failed.
Server is in an OU that is covered by my access policy GPO. GP Modeling
shows that the correct policy would apply.
Thanks
Please provide domain log file and gpo_child.log
LS